
ruby-changes:40146

From: naruse <ko1@a...>
Date: Fri, 23 Oct 2015 01:54:15 +0900 (JST)
Subject: [ruby-changes:40146] naruse:r52227 (trunk): * ext/openssl/ossl_ssl.c (ssl_npn_select_cb): explicitly raise error

naruse	2015-10-23 01:54:01 +0900 (Fri, 23 Oct 2015)

  New Revision: 52227

  http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=52227

  Log:
    * ext/openssl/ossl_ssl.c (ssl_npn_select_cb): explicitly raise error
      in ext/openssl instead of OpenSSL itself because LibreSSL
      silently truncates the selected protocol name by casting the length
      from int to unsigned char. [Bug #11369]
      Patch by Jeremy Evans <merch-redmine@j...>

  Modified files:
    trunk/ChangeLog
    trunk/ext/openssl/ossl_ssl.c
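As an added illustration of the narrowing the log describes (a constructed example, not code from ext/openssl, OpenSSL or LibreSSL): `unchecked_outlen` mimics the old unchecked assignment, `checked_outlen` the new 1..255 check, and `encode_protocol_list` builds the one-byte-length-prefixed NPN wire format that is the reason for the 255-byte ceiling. All function names are assumptions.

```c
/* Added example (constructed, not ext/openssl or OpenSSL code): why a
 * selected NPN protocol name must be 1..255 bytes, and what happens when
 * its int length is narrowed to unsigned char without a check. */
#include <stdio.h>
#include <string.h>

/* The old `*outlen = RSTRING_LENINT(selected);`: an int stored into an
 * unsigned char is silently reduced modulo 256, with no diagnostic. */
unsigned char unchecked_outlen(int len)
{
    return (unsigned char)len;   /* what the implicit narrowing does */
}

/* The r52227 fix: reject lengths outside 1..255 before narrowing.
 * Returns 0 on success, -1 if the length is unrepresentable. */
int checked_outlen(int len, unsigned char *outlen)
{
    if (len < 1 || len >= 256)
        return -1;
    *outlen = (unsigned char)len;
    return 0;
}

/* Encode names in the NPN wire format len_1|proto_1|...|len_n|proto_n: one
 * length byte per name. Returns bytes written, or 0 if a name does not fit. */
size_t encode_protocol_list(const char *const *names, size_t n,
                            unsigned char *out, size_t cap)
{
    size_t pos = 0;
    for (size_t k = 0; k < n; k++) {
        size_t len = strlen(names[k]);
        if (len < 1 || len > 255 || pos + 1 + len > cap)
            return 0;
        out[pos++] = (unsigned char)len;
        memcpy(out + pos, names[k], len);
        pos += len;
    }
    return pos;
}

int main(void)
{
    const char *names[] = { "h2", "http/1.1" };   /* constructed sample */
    unsigned char buf[64], ok = 0;
    printf("list: %zu bytes\n", encode_protocol_list(names, 2, buf, sizeof buf));
    printf("unchecked 300 -> %u\n", unchecked_outlen(300));   /* 44 */
    printf("checked 300 -> %d\n", checked_outlen(300, &ok));  /* -1 */
    return 0;
}
```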
Index: ChangeLog
===================================================================
--- ChangeLog	(revision 52226)
+++ ChangeLog	(revision 52227)
@@ -1,3 +1,11 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1
+Fri Oct 23 00:32:02 2015  NARUSE, Yui  <naruse@r...>
+
+	* ext/openssl/ossl_ssl.c (ssl_npn_select_cb): explicitly raise error
+	  in ext/openssl instead of OpenSSL itself because LibreSSL
+	  silently truncate the selected protocol name by casting the length
+	  from int to unsigned char. [Bug #11369]
+	  Patch by Jeremy Evans <merch-redmine@j...>
+
 Fri Oct 23 00:49:45 2015  Shugo Maeda  <shugo@r...>
 
 	* lib/un.rb (help): change the name of a block parameter to avoid
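Review bot: the new entry is stamped `Fri Oct 23 00:32:02 2015`, earlier than the `00:49:45` entry it is placed above, so the reverse-chronological order of ChangeLog is broken; the commit itself is dated 01:54:01, which is probably the intended timestamp. Also, "silently truncate" should read "silently truncates".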
Index: ext/openssl/ossl_ssl.c
===================================================================
--- ext/openssl/ossl_ssl.c	(revision 52226)
+++ ext/openssl/ossl_ssl.c	(revision 52227)
@@ -599,9 +599,12 @@ ssl_npn_select_cb(SSL *s, unsigned char https://github.com/ruby/ruby/blob/trunk/ext/openssl/ossl_ssl.c#L599
 
     selected = rb_funcall(cb, rb_intern("call"), 1, protocols);
     StringValue(selected);
+    i = RSTRING_LENINT(selected);
+    if (i < 1 || i >= 256) {
+	    ossl_raise(eSSLError, "Selected protocol must have length 1..255");
+    }
     *out = (unsigned char *) StringValuePtr(selected);
-    *outlen = RSTRING_LENINT(selected);
-
+    *outlen = i;
     return SSL_TLSEXT_ERR_OK;
 }
 
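Review bot: `ossl_raise` longjmps out of an OpenSSL callback frame, so confirm that unwinding through OpenSSL at this point is acceptable; the alternative is to return a status other than `SSL_TLSEXT_ERR_OK` and surface the Ruby-level error once the handshake call fails. The check itself is right: `*outlen` is `unsigned char *`, so `*outlen = i;` narrows an `int`, and rejecting `i < 1 || i >= 256` before the assignment is exactly what prevents the silent modulo-256 truncation the log describes; `i` is not declared in this hunk, so it must already be an `int` local earlier in the function. Style nit: the `ossl_raise(...)` line is indented with a tab plus four spaces, one level deeper than the `if` body.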

--
ML: ruby-changes@q...
Info: http://www.atdot.net/~ko1/quickml/
